[57] ABSTRACT

The invention enables a peripheral device to communicate 
with a host computing device to enable one or more security 
operations to be performed by the peripheral device on data 
stored within the host computing device, data provided from 
the host computing device to the peripheral device (which 
can then be, for example, stored in the peripheral device or 
transmitted to yet another device), or data retrieved by the 
host computing device from the peripheral device (e.g., data 
that has been stored in the peripheral device, transmitted to 
the peripheral device from another device or input to the 
peripheral device by a person). In particular, the peripheral 
device can be adapted to enable, in a single integral periph- 
eral device, performance of one or more security operations 
on data, and a defined interaction with a host computing 
device that has not previously been integrated with security 
operations in a single integral device. The defined interac- 
tions can provide a variety of types of functionality (e.g., 
data storage, data communication, data input and output, 
user identification). The peripheral device can also be imple- 
mented so that the security operations are performed in-line, 
i.e., the security operations are performed between the 
communication of data to or from the host computing device 
and the performance of the defined interaction. Moreover, 
the peripheral device can be implemented so that the secu- 
rity functionality of the peripheral device is transparent to 
the host computing device. 

39 Claims, 9 Drawing Sheets 
PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

CROSS-REFERENCE TO RELATED APPLICATION

This application is related to the commonly owned, co-pending United States Patent Application entitled "Modular Security Device," by William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba and Russell D. Housley, filed on the same date as the present application and having Attorney Docket No. SPY-003, the disclosure of which is incorporated by reference herein.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a peripheral, often portable, device (as well as the methods employed by such a peripheral device, and systems including such a peripheral device and a host computing device with which the peripheral device communicates) that can communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device, or data retrieved by the host computing device from the peripheral device.

2. Related Art

Computing capability is becoming increasingly portable. In particular, there are more and more portable peripheral devices that are adapted for communication with a host computing device (e.g., desktop computer, notebook computer or personal digital assistant) to enable particular functionality to be achieved. These portable peripheral devices can take a variety of physical forms (e.g., PCMCIA cards, smart cards, CD-ROMs) and can perform an assortment of functions (e.g., storage, communications and cryptography). However, while portable computing affords a number of advantages, it has a significant disadvantage in that the computational environment (including the portable peripheral devices, the host computing devices in which they are used, and any other computational devices that communicate with those devices) is more susceptible to security breaches, i.e., unauthorized access to, or modification of, programs and/or data resident within the environment. Consequently, cryptographic devices and methods have been developed for use with such computational environments (as well as other computational environments) to enable increased levels of environment security to be obtained.

FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100 includes a host computing device 101 and a portable device 102. The host computing device 101 and portable device 102 are adapted to enable communication between the devices 101 and 102. The host computing device 101 includes a security mechanism 101a (which can be embodied by appropriately configured hardware, software and/or firmware, such as, for example, a general purpose microprocessor operating in accordance with instructions of one or more computer programs stored in a data storage device such as a hard disk) which can be directed to perform one or more cryptographic operations. In the system 100, if it is desired to provide secured data from the host computing device 101 to the portable device 102, the host computing device 101 causes the security mechanism 101a to perform appropriate cryptographic operations on data before the data is transferred to the portable device 102. Similarly, the host computing device 101 can receive secured data from the portable device 102 and perform appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so.

A significant deficiency of the system 100 is that the security mechanism 101a is itself typically not adequately secure. It is commonly accepted that the components (including hardware, software and/or firmware) of most host computing devices are inherently insecure. This is because the system design of host computing devices is, typically, intentionally made open so that components made by different manufacturers work together seamlessly. Thus, an unauthorized person may obtain knowledge of the operation of the security mechanism 101a (e.g., identify a cryptographic key), thereby enabling that person to gain access to, and/or modify, the (thought to be secured) data.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system 200 includes a host computing device 201, a portable device 202 and a security device 203. The host computing device 201, the portable device 202 and security device 203 are adapted to enable communication between the devices 201 and 202, and between the devices 201 and 203. The security device 203 includes appropriately configured hardware, software and/or firmware which can be directed to perform one or more cryptographic operations. In the system 200, if it is desired to provide secured data from the host computing device 201 to the portable device 202, the host computing device 201 first causes data to be transferred to the security device 203, where appropriate cryptographic operations are performed on the data. The secured data is then transferred back to the host computing device 201, which, in turn, transfers the secured data to the portable device 202. Similarly, the host computing device 201 can receive secured data from the portable device 202 by, upon receipt of secured data, transferring the secured data to the security device 203, which performs appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so, then transfers the unsecured data back to the host computing device 201.

The system 200 can overcome the problem with the system 100 identified above. The security device 203 can be constructed so that the cryptographic functionality of the device 203 can itself be made secure. (Such a security device is often referred to as a security "token.") An unauthorized person can therefore be prevented (or, at least, significantly deterred) from obtaining knowledge of the operation of the security device 203, thereby preventing (or significantly deterring) that person from gaining access to, and/or modifying, the secured data.

However, the system 200 may still not always ensure adequately secured data. In particular, unsecured data may be provided by the host computing device 201 to the portable device 202 if the host computing device 201 — whether through inadvertent error or deliberate attack by a user of the host computing device 201, or through malfunction of the host computing device 201 — fails to first transfer data to the security device 203 for appropriate cryptographic treatment before providing the data to the portable device 202.
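The bypass weakness just described for the system 200, set beside the in-line arrangement the abstract contrasts with it, as an added Python model (not code from the patent or its assignee; the cryptographic construction, class names, key and sample payload are constructed for illustration, and the keystream/HMAC pair stands in for the "appropriate cryptographic operations" the text leaves unspecified):

```python
import hashlib
import hmac
import os


class SecurityMechanism:
    """Stand-in for the cryptographic operations the text does not specify:
    a SHA-256-derived keystream for confidentiality plus an HMAC-SHA256 tag for
    integrity (encrypt-then-MAC). Constructed for this example only; a real
    device would use a vetted authenticated cipher."""

    NONCE_LEN = 16
    TAG_LEN = 32

    def __init__(self, key: bytes):
        self._enc_key = hashlib.sha256(b"enc" + key).digest()
        self._mac_key = hashlib.sha256(b"mac" + key).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = bytearray(), 0
        while len(out) < length:
            out += hashlib.sha256(self._enc_key + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return bytes(out[:length])

    def secure(self, data: bytes) -> bytes:
        nonce = os.urandom(self.NONCE_LEN)
        body = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def unsecure(self, blob: bytes) -> bytes:
        nonce, body, tag = blob[:self.NONCE_LEN], blob[self.NONCE_LEN:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: data modified or never secured")
        return bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))


class PortableStorage:
    """Portable device 202 / storage-type target functionality: a plain block store."""

    def __init__(self):
        self.blocks = {}

    def write(self, addr: int, data: bytes) -> None:
        self.blocks[addr] = data

    def read(self, addr: int) -> bytes:
        return self.blocks[addr]


class HostWithSeparateToken:
    """System 200: the host must route each write through the separate security
    device 203 before handing it to the portable device. Nothing enforces that."""

    def __init__(self, token: SecurityMechanism, storage: PortableStorage):
        self.token, self.storage = token, storage

    def store(self, addr: int, data: bytes, route_through_token: bool = True) -> None:
        # The weakness: host error, malfunction or a hostile user can skip the token.
        blob = self.token.secure(data) if route_through_token else data
        self.storage.write(addr, blob)


class InlinePeripheral:
    """Single integral device: storage is reachable only through the security
    mechanism, so every write is secured and every read verified, while the host
    sees an ordinary write/read interface (the security is transparent)."""

    def __init__(self, key: bytes):
        self._mechanism = SecurityMechanism(key)
        self._storage = PortableStorage()

    def write(self, addr: int, data: bytes) -> None:
        self._storage.write(addr, self._mechanism.secure(data))

    def read(self, addr: int) -> bytes:
        return self._mechanism.unsecure(self._storage.read(addr))

    def raw_media(self) -> dict:
        """What someone holding only the storage medium can observe."""
        return dict(self._storage.blocks)


def compare_arrangements(secret: bytes = b"constructed secret payload") -> dict:
    """Exercise both arrangements and report what reaches the storage medium."""
    key = b"constructed-key"
    media = PortableStorage()
    host = HostWithSeparateToken(SecurityMechanism(key), media)
    host.store(0, secret)                              # correct use of system 200
    host.store(1, secret, route_through_token=False)   # host skipped the token

    device = InlinePeripheral(key)
    device.write(0, secret)
    blob = device.raw_media()[0]
    # Simulate modification of the medium itself (bypassing the device interface).
    device._storage.write(1, blob[:-1] + bytes([blob[-1] ^ 1]))
    try:
        device.read(1)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "system200_block0_plaintext": secret in media.blocks[0],
        "system200_block1_plaintext": secret in media.blocks[1],
        "inline_media_plaintext": any(secret in b for b in device.raw_media().values()),
        "inline_roundtrip_ok": device.read(0) == secret,
        "inline_tamper_detected": tamper_detected,
    }
```

Calling `compare_arrangements()` shows the difference the text is driving at: in the system 200 model the medium holds plaintext whenever the host skips the token, whereas the in-line model has no code path that writes unsecured data, and a modified block fails the integrity check on read.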
Additionally, the system 200 requires the use of two separate peripheral devices (portable device 202 and security device 203) to enable the host computing device 201 to exchange secured data with the portable device 202. For several reasons, this may be inconvenient. First, both devices 202 and 203 may not be available at the time that it is desired to perform a secure data exchange (e.g., one may have been forgotten or misplaced). Second, even if both devices 202 and 203 are available, it may not be possible to connect both devices 202 and 203 at the same time to the host computing device 201, making use of the devices 202 and 203 cumbersome and increasing the likelihood that unsecured data is provided by the host computing device 201 to the portable device 202.

SUMMARY OF THE INVENTION

A peripheral device according to the invention can be used to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device) or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification), as described further below. The peripheral device can be implemented so that the peripheral device can be operated in any one of multiple user-selectable modes: a security functionality only mode, a target functionality mode, and a combined security and target functionality mode. The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.

A peripheral device according to the invention can advantageously enable application of security operations to a wide variety of interactions with a host computing device. In particular, a peripheral device according to the invention can accomplish this without necessity to use two peripheral devices: one that performs the security operations and one that performs the defined interaction. This can, for example, minimize the possibility that the device adapted to perform the defined interaction will be used with the host computing system without proper application of security operations to that interaction. Moreover, the provision of in-line security in a peripheral device according to the invention enables a more secure exchange of data between a host computing device and the peripheral device, overcoming the problems identified above in previous systems for performing security operations on data exchanged between such devices. Additionally, implementing a modular device according to the invention so that the performance of security operations by the modular device is transparent can reduce or eliminate the need to modify aspects of the operation of the host computing device (e.g., device drivers of the host computing device), making implementation and use of a data security system including the modular device simpler and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced. Making the security operations transparent can also enhance the security of those operations.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.

FIG. 3A is a block diagram of a system according to the invention.

FIG. 3B is a perspective view of a physical implementation of the system of FIG. 3A according to one embodiment of the invention.

FIG. 4 is a block diagram of a peripheral device according to an embodiment of the invention.

FIG. 5 is a flow chart of a method, according to an embodiment of the invention, for initiating use of a system according to the invention.

FIG. 6 is a block diagram of a system, according to an embodiment of the invention, illustrating operation of the system during a method according to the invention as in FIG. 5.

FIGS. 7A and 7B are a flow chart of a method, according to an embodiment of the invention, for using a peripheral device according to the invention.

FIG. 8 is a block diagram of a peripheral device according to another embodiment of the invention.

FIG. 9A is a block diagram illustrating the flow of data through the interface control device of FIG. 8.

FIG. 9B is a block diagram of a particular embodiment of an interface control device for use in a peripheral device according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 3A is a block diagram of a system 300 according to the invention. The system 300 includes a host computing device 301 and a peripheral device 302 that communicate via a communications interface 303. Herein, "peripheral device" can refer to any device that operates outside of a host computing device and that is connected to the host computing device. The peripheral device 302 includes a security mechanism 302a that enables security operations (examples of which are described in more detail below) to be performed on data that is stored within the host computing device 301, data that is transmitted from the host computing device 301 to the peripheral device 302, or data that is transmitted from the peripheral device to the host computing device 301. As explained in more detail below, the peripheral device 302 also provides additional functionality (referred to herein as "target functionality") to the system 300, such as, for example, the capability to store data in a solid-state disk storage device, the capability to enable communications from the host computing device 301 to
another device, the capability to accept biometric input to enable user authentication to the host computing device 301, and the capability to receive and read a smart card inserted into the peripheral device 302.

Generally, the communications interface 303 can be embodied by any of a variety of communication interfaces, such as a wireless communications interface, a PCMCIA interface, a smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI interface or an IDE interface. Each embodiment of the communications interface 303 includes hardware present in each of the host computing device 301 and peripheral device 302 that operates in accordance with a communications protocol (which can be embodied, for example, by software stored in a memory device and/or firmware that is present in the host computing device 301 and/or peripheral device 302) appropriate for that type of communications interface, as known to those skilled in the art. Each embodiment of the communications interface 303 also includes mechanisms to enable physical engagement, if any, between the host computing device 301 and peripheral device 302.

Generally, the security mechanism 302a can be configured to perform any electronic data security operation (herein, referred to simply as "security operation") including, for example, operations that provide one or more of the basic cryptographic functions, such as maintenance of data confidentiality, verification of data integrity, user authentication and user non-repudiation. Particular security operations that can be implemented in a peripheral device according to the invention are described in more detail below.

The security mechanism 302a can be, for example, embodied as a security token. Herein, "security token" refers to a device that performs security operations and that includes one or more mechanisms (such as, for example, use of a hardware random number generator and/or protected memory) to provide security for the content of those operations.

FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A, according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral device according to the invention is a portable device, such as the card 312 shown in FIG. 3B. Herein, "portable device" can refer generally to any device that is capable of being easily carried by hand.

FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the invention. The peripheral device 400 includes security functionality 401, target functionality 402 and a host interface 403 that are formed together as part of a single physical device. For example, the security functionality 401 and target functionality 402 can be enclosed in a single, card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or smart card standard.

The peripheral device 400 can have a number of advantageous characteristics. The peripheral device 400 can be implemented in a manner that enables the security operations of the security functionality 401 to be performed in a manner that is transparent to a host computing device (and, depending upon the particular implementation of the peripheral device 400, to a user of a system including the peripheral device 400) of a system according to the invention, so that the host computing device (and, perhaps, user) is aware only of the presence of the target functionality 402. Additionally, the peripheral device 400 can be implemented so that security operations are performed "in-line," i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the target functionality provided by the peripheral device. Further, the peripheral device 400 enables a wide variety of secure target functionality to be easily provided to a host computing device.

FIG. 5 is a flow chart of a method 500, according to an embodiment of the invention, for initiating use of a system according to the invention. The method 500 enables an aspect of the invention in which the presence of security functionality as part of a peripheral device is not detected by a host computing device, thus making the security functionality transparent to the host computing device and, depending upon the particular manner in which the security functionality is implemented, to a user of the system.

FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention, illustrating operation of the system 600 during a method according to the invention such as the method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral device 602. The host computing device 601 includes a display device 603a (e.g., a conventional computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball, joystick or other appropriate device), referred to collectively hereinafter as user interface device 603. The host computing device 601 also includes, mounted within a housing 604, a processing device 605, a memory device 606, an input/output (I/O) device 607 for enabling communication with the user interface device 603, and an input/output (I/O) device 608 for enabling communication with peripheral device 602. The devices 605, 606, 607 and 608 can each be implemented by conventional such devices and can communicate with each other via a conventional computer bus 609, as is well known and understood. The peripheral device 602 includes security functionality 611, a memory device 612, an input/output (I/O) device 613 for enabling communication with the host computing device 601 and target functionality 614. The security functionality 611, memory device 612, I/O device 613 and target functionality 614 can each be implemented by conventional devices and can communicate with each other via a conventional computer bus 615, as is well known and understood. The host computing device 601 and the peripheral device 602 are shown in simplified form in FIG. 6 to facilitate clarity in illustration of this aspect of the invention; as described in more detail below and as understood by those skilled in the art, the host computing device 601 and the peripheral device 602 can — and typically will — include other devices not shown in FIG. 6.

Returning to FIG. 5, use of a system according to the invention begins when, as shown by step 501, a user of the system connects a peripheral device according to the invention to a host computing device. Such connection can occur in any manner that enables the peripheral device to communicate with the host computing device. Frequently, this will occur as a result of a physical connection of the peripheral device to the host computing device. (In general, such physical connection can occur either before or after the host computing device begins operating; however, in the former case, subsequent steps of the method 500 — with the exception of, depending upon the implementation of the peripheral device, the step 503 — cannot be performed until the host computing device begins operating.) For example, the peripheral device can be embodied in a card or disk (e.g., a card conforming to a PCMCIA form factor as established
by the appropriate standard) that is inserted into a corresponding socket formed in the host computing device. Or, the peripheral device can be embodied in a housing from which a cord extends, a plug of the cord being inserted into a mating receptacle formed in the host computing device. However, such physical connection need not necessarily occur; the peripheral device can also be connected to the host computing device by any type of wireless communication for which the host computing device contains an appropriate interface.

Once connection between the peripheral device and the host computing device is made, the host computing device detects the presence of the peripheral device, as shown by step 502. Such detection of the presence of a peripheral device is typically enabled as a standard aspect of the operating system software of the host computing device. Typically, once the presence of a new peripheral device is detected by the operating system software of the host computing device, the operating system software (or companion software program) also identifies the type of the peripheral device. This can be accomplished, for example, by a standard software device driver (hereinafter, "host driver") for devices of the type that use the host computing device interface being used by peripheral device 602. In FIG. 6, the host driver is shown stored in the memory section 606a of the memory device 606 of the host computing device 601. (The Card Services or Socket Services programs that often are bundled with the Windows95™ operating system software for use in performing various "housekeeping" functions associated with a PCMCIA interface are examples of such drivers.) However, in the method 500, before the operating system software can perform such identification, the peripheral device according to the invention suspends operation of this aspect of the operating system software so that the peripheral device can establish its identity, as shown by step 503, and explained further below. As will be apparent from that explanation, performance of the step 503 advantageously enables the peripheral device to assume the identity of the target functionality that is part of the peripheral device. Since, as described elsewhere herein, a peripheral device according to the invention can include a variety of types of target functionality, the peripheral device can take a variety of identities.

The particular manner in which operation of the operating system software is suspended so that the peripheral device can establish its identity can depend on the characteristics of the operating system software and/or the device interface. However, for many combinations of operating system software and device interface, the operating system software waits for confirmation that the device connected to the device interface is ready for further interaction with the operating system software before the operating system software seeks to identify the type of the device connected to the interface (the standard for PCMCIA interfaces, for example, specifies such operation). In such cases, the peripheral device can be configured to delay informing the operating system software that the peripheral device is ready for further interaction until the peripheral device has established its identity.

The following description of one way in which the step 503 can be implemented can best be understood by reference to the system 600 shown in FIG. 6. One way in which the operating system software of a host computing device can identify the type of a peripheral device is to access a known memory section of a memory device of the peripheral device, as established by an interface standard developed for that type of peripheral device, that stores data representing the type of the peripheral device. This is true for a variety of types of peripheral devices, such as, for example, peripheral devices that conform to the PCMCIA standard. (The PCMCIA standard, for example, includes a specification, called the Card Information Structure, that defines, among other things, a location in a portion of memory of a PCMCIA card, denoted as "attribute memory", that stores data identifying the type of the PCMCIA card.) In the system 600, the peripheral device 602 is such a device. The memory section of the memory device 612 of the peripheral device 602 which the host computing device 601 seeks to access is shown in FIG. 6 as the memory section 612a, and the data stored therein is referred to herein as "peripheral device identification data."

The peripheral device 602 can be implemented so that the peripheral device 602 assumes the identity of the target functionality 614 (whether or not the security functionality of the peripheral device is also being used). This enables the host computing device 601 to interact with the peripheral device 602 as though the peripheral device 602 were a device of the type of the target functionality 614, without recognizing that security functionality 611 is present that may be performing operations. Thus, the need to modify aspects of the operation of the host computing device (e.g., the host device driver) to enable performance of security operations is reduced or eliminated, making implementation and use of a data security system including the peripheral device 602 simpler and easier (the user need not provide for the host driver to be appropriately tailored to enable desired interaction with a security device); the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced.

Though, as shown in FIG. 6, the peripheral device 602 includes both security functionality 611 and target functionality 614, the system 600 can be operated so that only the security functionality 611 is used. The peripheral device 602 and peripheral device driver (discussed below) can be implemented so that, when the peripheral device 602 is operated in that way, the peripheral device identification data stored in the memory location 612a identifies the peripheral device 602 as a security device.

Returning to FIG. 5, after the peripheral device has established its identity, the host computing device identifies the peripheral device, as shown by step 504. This can be implemented as part of the host driver, as indicated above. Once the host computing device has identified the peripheral device (and other host computing device operating system software operations concluded, if applicable), the user can begin using the peripheral device (in particular, the security functionality of the peripheral device), as shown by step 505 of the method 500. Such use can be enabled by one or more software programs (referred to collectively hereinafter as a "peripheral device driver," though such programs can include programs in addition to those conventionally termed "drivers," such as programs conventionally termed "applications") that are executed by the host computing device.

The use of a separate driver to control and interact with the security functionality of a peripheral device according to the invention can be advantageous because it reduces or eliminates the need to modify the host driver. As a practical matter, such modification of the host driver can likely only be accomplished by requiring a user to interact with a
standard host driver to appropriately modify the standard
host driver. This is undesirable because the user may forget 
to modify the driver or modify the driver incorrectly or 
incompletely. 

The peripheral device driver can have previously been 
installed on a data storage device (e.g., hard disk) of the host 
computing device (in FIG. 6, the peripheral device driver is 
shown stored in the memory section 606b of the memory 
device 606 of the host computing device 601), or can be 
made accessible to the host computing device via an appro- 
priate interface (such as a floppy disk drive, CD-ROM drive 
or network connection) at a time when the user wishes to 
initiate interaction between the host computing device and 
the peripheral device. Additionally, when a peripheral device 
according to the invention is used with a host computing 
device which utilizes operating system software that sup-
ports the feature informally referred to as "plug and play,"
it is also possible to store the peripheral device driver in a 
memory device of the peripheral device and configure the 
peripheral device so that, when the peripheral device is 
connected for the first time to a particular host computing 
device, the host computing device automatically provides 
the user with the opportunity to instruct the host computing 
device to cause the peripheral device driver to be transferred 
from the peripheral device to the host computing device. 

FIG. 7 is a flow chart of a method 700, according to an 
embodiment of the invention, for using a peripheral device 
according to the invention. It is to be understood that the 
method 700 shown in FIG. 7 is not the only way to enable 
the aspects of use of a peripheral device according to the 
invention that are illustrated in FIG. 7; as can be readily 
appreciated by those skilled in the art, such aspects can be 
implemented using any of a variety of other appropriate 
methods. Further, the use of a peripheral device according to 
the invention can include aspects not illustrated in FIG. 7; 
likewise, such use may not include some of the aspects 
illustrated in FIG. 7. The method 700 of FIG. 7 is shown 
merely to aid in the illustration of certain aspects of the 
invention, and should not be interpreted as restricting the 
manner in which a peripheral device according to the 
invention can be used. 

To begin using a peripheral device according to the 
invention, a user instructs the host computing device to 
begin execution of the peripheral device driver, as shown by 
step 701 of the method 700, the user having obtained 
knowledge of the appropriate command to begin execution 
of the peripheral device driver in any appropriate manner 
(e.g., from a user manual accompanying the peripheral 
device driver and/or the peripheral device). In general, the 
steps of the method 700 occur as a result of operation of a 
peripheral device driver; however, operation of the host 
driver may be necessary or desirable to enable some aspects 
of the method 700 (e.g., execution of a transaction, as in 
steps 708, 712 and 715). 

As indicated above, a peripheral device according to the 
invention can be implemented so that the host driver cannot 
detect the presence of the security functionality of the 
peripheral device. In such case, the peripheral device driver 
enables the detection of the security functionality, as shown 
by step 702 of the method 700. This can be accomplished by 
including instructions as part of the peripheral device driver 
that, when the peripheral device driver first begins 
executing, cause the peripheral device driver to access a 
predefined location of a memory device of the peripheral 
device (in FIG. 6, the memory section 612b) for data that
identifies whether the peripheral device is a device having 
security functionality that is compatible with the peripheral 
device driver. If the peripheral device is such a device, then the peripheral device driver can enable the user to make use of the security functionality of the peripheral device. Further, the peripheral device driver can be implemented, as shown in FIG. 7, so that, if the proper security functionality is not detected, execution of the peripheral device driver terminates, preventing use of the peripheral device. Alternatively, the peripheral device driver can be implemented so that, if the proper security functionality is not detected, the target functionality of the peripheral device can be used without the security functionality of the peripheral device.

A peripheral device according to the invention can, in general, be operated in one of three modes: 1) a mode in which only the security functionality is used, 2) a mode in which both the security functionality and the target functionality are used, and 3) a mode in which only the target functionality is used. The user can be enabled to, via the peripheral device driver, select any one of the three modes of operation. However, in some applications, it may be desirable to inhibit operation in one or two of the modes. In particular, it may be desirable to prevent operation of the peripheral device in the last of the above-listed modes, i.e., a mode in which the security functionality is not used, if it is desired to ensure that use of the target functionality can only occur with the application of one or more security operations. This could be accomplished by implementing the peripheral device driver so that the option to operate in that mode is not presented to the user, or the peripheral device could be configured during manufacture to prohibit operation in that mode. Of the two, only the manufacturing-time configuration is enforced by the peripheral device itself; withholding the option in the peripheral device driver relies on the host actually running that driver. For example, if the target functionality is embodied as a communications device or a memory device, it may be desirable to ensure that unencrypted data cannot be transferred via the communications device or stored in the memory device, whether done inadvertently or on purpose.

In the method 700, all three of the above-listed modes are available for use. In the step 703 of the method 700, a determination is made as to whether the security functionality is to be used. (As noted above, such use may be required.) If yes, the peripheral device is operated in one of the first two modes above (security functionality only, or security functionality plus peripheral functionality); if no, the third mode is used (peripheral functionality only).

The peripheral device driver can be implemented so that the user must successfully enter an acceptable access code (e.g., a password or PIN) before the user is enabled to use the peripheral device. In particular, it can be desirable to require an access code before enabling a user to use the security functionality, thus establishing a layer of security that protects the integrity of the security operations themselves. In the method 700, as shown by the step 704, an acceptable access code must be entered by the user before the security functionality of the peripheral device can be used. An access code can be entered, for example, by inputting the access code in a conventional manner using a user interface device (e.g., keyboard) of the host computing device. Or, an access code can be entered using particular embodiments of target functionality (such as a biometric device, discussed in more detail below) that is part of the peripheral device according to the invention.
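The detection of step 702 (reading a predefined location of the peripheral device's memory), the mode selection of steps 703 and 705 with a manufacturing-time prohibition of the target-only mode, and the access code check of step 704 can be modelled together. The following Python is an added example written for this page, not code from the patent: the 8-byte identification record at offset 0x100, the capability flag bits, the salted PBKDF2 storage of the access code in device memory and every function name are assumptions made for illustration.

```python
"""Steps 702-705 of method 700 as a small driver model.

Added example, not code from the patent. The record layout at ID_OFFSET,
the capability bits, the salted PBKDF2 storage of the access code and all
function names are assumptions made for illustration.
"""
import hashlib
import hmac
import struct

# Assumed identification record at a predefined location of the peripheral
# device's memory: 4-byte magic, 1-byte version, 1-byte capability flags,
# 2 reserved bytes. A host driver that never reads this offset sees only the
# target functionality, so the security functionality stays transparent to it.
ID_OFFSET = 0x100
ID_MAGIC = b"SECP"
ID_STRUCT = struct.Struct("<4sBBH")

CAP_SECURITY = 0x01           # security functionality present
CAP_TARGET = 0x02             # target functionality present
CAP_ALLOW_TARGET_ONLY = 0x04  # manufacturing setting: target-only mode permitted

MODE_SECURITY_ONLY = 1
MODE_SECURITY_PLUS_TARGET = 2
MODE_TARGET_ONLY = 3

PBKDF2_ROUNDS = 100_000


def build_memory_image(caps: int, size: int = 0x200) -> bytes:
    """Constructed device memory with the identification record written in."""
    mem = bytearray(size)
    ID_STRUCT.pack_into(mem, ID_OFFSET, ID_MAGIC, 1, caps, 0)
    return bytes(mem)


def detect_security_functionality(memory: bytes) -> int:
    """Step 702: read the record at ID_OFFSET and return its capability flags,
    or 0 when the record is absent, truncated or of a version we do not know."""
    end = ID_OFFSET + ID_STRUCT.size
    if len(memory) < end:
        return 0
    magic, version, caps, _reserved = ID_STRUCT.unpack(memory[ID_OFFSET:end])
    if magic != ID_MAGIC or version != 1:
        return 0
    return caps


def available_modes(caps: int) -> list:
    """Step 705: the modes the driver may offer. Target-only mode is withheld
    from a device with security functionality unless manufacturing allowed it,
    so the target functionality cannot be used without security operations."""
    modes = []
    if caps & CAP_SECURITY:
        modes.append(MODE_SECURITY_ONLY)
        if caps & CAP_TARGET:
            modes.append(MODE_SECURITY_PLUS_TARGET)
    if caps & CAP_TARGET and (caps & CAP_ALLOW_TARGET_ONLY or not (caps & CAP_SECURITY)):
        modes.append(MODE_TARGET_ONLY)
    return modes


def enroll_access_code(code: str, salt: bytes = b"\x01" * 16) -> bytes:
    """Record stored in device memory: salt || PBKDF2-HMAC-SHA256(code).
    The fixed default salt keeps the example deterministic; a device would
    draw a fresh salt from a random source at enrollment."""
    return salt + hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def verify_access_code(record: bytes, code: str) -> bool:
    """Step 704: recompute from the stored salt and compare in constant time."""
    salt, digest = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def select_mode(caps: int, requested: int, record: bytes, entered_code) -> int:
    """Steps 703-705: refuse modes the policy withholds, and require a valid
    access code before either mode that uses the security functionality."""
    if requested not in available_modes(caps):
        raise PermissionError("mode not offered for this device")
    if requested != MODE_TARGET_ONLY:
        if entered_code is None or not verify_access_code(record, entered_code):
            raise PermissionError("access code required for security functionality")
    return requested


def driver_start(memory: bytes, requested: int, record: bytes, entered_code) -> int:
    """The FIG. 7 variant in which the driver terminates when no compatible
    security functionality is found, instead of falling back to target-only use."""
    caps = detect_security_functionality(memory)
    if not caps & CAP_SECURITY:
        raise RuntimeError("compatible security functionality not detected")
    return select_mode(caps, requested, record, entered_code)
```

The access code is never stored in clear on the device, and the comparison is constant-time, so the check of step 704 does not leak the code through timing on the host interface; the policy that withholds the target-only mode lives in `available_modes`, which is the place a manufacturing-time setting would be read.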

Advantageously, an access code can be used not only to control access to the security (or other) functionality of the peripheral device, but also to identify a "personality" of the user. Each personality is represented by data that establishes certain characteristics of operation of the peripheral device, such as, for example, restrictions on operation of the peripheral device (e.g., limitations on the types of security operations that can be performed) or specification of operating parameters or characteristics (e.g., cryptographic keys or specification of a particular incarnation of a type of security algorithm, such as a particular encryption algorithm). A single user can have multiple personalities: each personality might, for example, correspond to a different capacity in which a user acts. Data representing personalities and corresponding user access codes can be stored in a memory device of the peripheral device.

Upon receipt of an acceptable access code, the peripheral device driver controls the host computing device to present a user interface that enables the user to effect desired control of the peripheral device, and, in particular, to use the peripheral device to perform security operations, as described below. (If access codes are also used to identify personalities, upon receipt of an acceptable access code, the peripheral device driver can also access and retrieve the data representing the corresponding personality, so that the operation of the peripheral device can be controlled accordingly.) The user interface for enabling a user to operate the peripheral device can be implemented in any of a variety of well known ways (e.g., as a graphical user interface) using methods and apparatus that are well known to those skilled in the art. Generally, the user interface enables the user to perform any functionality that is provided by the peripheral device, as described in more detail elsewhere herein.

As indicated above, a peripheral device according to the invention can be operated in any of three modes. Once an acceptable access code has been entered, the peripheral device driver can enable the user to select one of the three modes, as shown in step 705 of the method 700. (Alternatively, as mentioned above, it may be desirable to present the user only with the option of choosing the security functionality only mode or the security functionality plus peripheral functionality mode, so as to eliminate the possibility that the user will effect an unsecured use of the target functionality.) If the security functionality only mode, or the security functionality plus peripheral functionality mode, is selected, then the user interface (and the underlying peripheral device driver) enables the user to input all desired or required instructions regarding the security operations to be performed for a particular "transaction" (e.g., a storage of data in a memory device, a transmission of data by a communications device, or an exchange of data with a smart card reader device), as shown by steps 706 and 710 of the method 700. For example, the user interface can enable the user to select data to which security operations are to be applied, specify the application of particular security operations to data, or specify parameters or other information required for a particular security operation. If the security functionality plus peripheral functionality mode, or the peripheral functionality only mode, is selected, then the user interface and peripheral device driver enable the user to input all desired or required instructions regarding use of the target functionality for the transaction, as shown by steps 707 and 711 of the method 700. For example, if the target functionality is embodied as a memory device, the user interface can enable the user to specify a name for the stored data. Or, for example, if the target functionality is embodied as a communications device, the user interface can enable the user to specify a destination (e.g., an electronic mail address) for the data.

Once the user has provided instructions in steps 706 and 707, in step 710, or in step 711, the transaction is executed, as shown by step 708 or step 712 of the method 700. After execution of the transaction, the user can be allowed to execute further transactions, as shown by step 709 of the method 700. It is also possible for the user to begin using another personality (by entering an appropriate access code), as shown by step 709 of the method 700. Eventually, use of the peripheral device ends, as shown by step 718 of the method 700.

The peripheral device and associated peripheral device driver can be implemented so that it is possible to use only the security functionality of the peripheral device. The peripheral device can be used in this manner to, for example, encrypt or decrypt data stored on the host computing device by receiving the data from the host computing device, encrypting or decrypting the data as appropriate, then returning the encrypted or decrypted data to the host computing device.

As indicated above, the peripheral device and associated peripheral device driver can be implemented so that it is possible to use only the target functionality of the peripheral device, even without entering an appropriate access code. In the method 700, such operation is shown by the steps 714, 715 and 716, which function in the same manner as steps 711, 712 and 709, described above. Using the peripheral device in this way can be useful, for example, when the target functionality is embodied as a biometric device, as described further below, that is used to perform user authentication. In particular, if the biometric device is to be used as the mechanism to enter the access code in step 704, operation in this mode may be necessary (depending on the capabilities of the biometric device) to enable such use of the biometric device. (Of course, in this case, security functionality, i.e., user authentication, is used as part of the step 715.) The step 717 can also enable use of the security functionality to begin by causing a prompt for an appropriate access code to appear (step 704). Again, eventually, use of the peripheral device ends (step 718).

As described above, a peripheral device according to the invention that includes security functionality and target functionality can be implemented so that the host computing device is not aware of the presence of the security functionality. It may also be desirable to shield the user from knowledge of the presence of the security functionality and cause predetermined security operations to be performed automatically. This may be desirable so that, for example, it is not necessary for the user to provide input regarding the performance of security operations, thus eliminating the possibility that the user will neglect to provide such input, or will provide the input incorrectly or incompletely. Or, it may be desirable to make security operations transparent to users to enhance the security of those operations, since, if the performance of such operations is unknown, there will be no attempt to defeat the security provided by those operations. If such is the case, the peripheral device driver can be implemented so that the peripheral device can operate only in the security functionality plus peripheral functionality mode (steps 710, 711, 712, 714, 715, 716 and 717 of the method 700 cannot be performed) and so that no indication (e.g., presentation of a user interface display that allows input of instructions regarding the performance of security operations, as in step 706 of the method 700) is given of the presence of the security functionality of the peripheral device. Rather, the user would simply be presented with options regarding operation of the target functionality (step 707 of the method 700). In such an implementation, the peripheral device driver can be implemented to automatically cause one or more predetermined security operations to be performed based upon a user-specified interaction with
the target functionality, or the peripheral device can be configured to cause such security operations to be performed any time a specified interaction with the target functionality occurs.

A significant advantage of a peripheral device according to the invention is that the peripheral device can be implemented so that any of a variety of types of target functionality can be included as part of the peripheral device. In particular, as described in more detail below, the peripheral device includes an interface control device which enables and manages communications between and among the host computing device, a cryptographic processing device that is part of the peripheral device, and target functionality that is also part of the peripheral device. The interface control device can be adapted to provide an appropriate interface for each type of target functionality. Thus, in general, any desired target functionality can be used with a peripheral device according to the invention, so long as the target functionality is implemented so as to enable communication with an interface of the type presented. Those skilled in the art of data communications can readily understand how to implement such communication with target functionality in view of the detailed description below (see FIGS. 8, 9A and 9B) of an embodiment of a peripheral device according to the invention, and, in particular, an interface control device of such a peripheral device.

For example, target functionality of a peripheral device according to the invention can be embodied as a memory device adapted to enable non-volatile storage of data. In general, any such memory device can be used to embody such target functionality. More particularly, a solid-state disk storage device (e.g., NAND flash memory device) can advantageously be used. Illustratively, a memory device that can be used to embody target functionality in a peripheral device according to the invention can be a compact flash memory device, such as an ATA format flash disk drive. Other solid-state disk storage devices, such as SCSI disks and IDE disks, can be used. The construction and operation of memory devices in general, as well as those identified particularly above, is well understood by those skilled in that art, so that, together with an understanding of the required communication capability between the target functionality and the interface control device, a memory device for use with the invention can be easily constructed and operated. A peripheral device according to the invention that includes a memory device that embodies the target functionality can be used, for example, to securely store data in a manner that enables a user of the data to easily carry the data with them wherever they go.

Target functionality of a peripheral device according to the invention can also be embodied as a communications device adapted to enable communication between the host computing device and a remote device. In general, any such communications device can be used to embody target functionality. A communications device that can be used to embody target functionality in a peripheral device according to the invention can include, for example, a data communications modem (such as, for example, a conventional telephone line modem, an ISDN modem, a cable modem, or a wireless modem) or a LAN transceiver (either wired or wireless and, in the latter case, operating in, for example, the infrared or radiofrequency spectrum). The construction and operation of communication devices in general, as well as those identified particularly above, is well understood by those skilled in that art, so that, together with an understanding of the required communication capability between the target functionality and the interface control device, a communication device for use with the invention can be easily constructed and operated. A peripheral device according to the invention that includes a communications device that embodies target functionality can be used, for example, to encrypt electronic mail before transmission to an addressee. Or, such a peripheral device can be used, for example, to encrypt data files that a person wishes to securely transfer between a computing device at the person's place of work and a computing device at the person's home.

Target functionality of a peripheral device according to the invention can also be embodied as a biometric device, which is defined herein as any device that is adapted to receive input data regarding a physical characteristic of a person based upon a physical interaction of the person with the device. In general, any such biometric device can be used to embody target functionality. Biometric devices that can be used in a peripheral device according to the invention can include, for example, a fingerprint scanning device, a retinal scanning device or a faceprint scanning device.

In addition to conventional computational devices for storing and/or manipulating digital data, a biometric device includes a sensor for sensing the physical characteristic, and an analog-to-digital converter to transform the analog data representing the sensed characteristic into digital data. For example, a fingerprint scanning device includes a sensor upon which a person can place a finger, the sensor sensing the fingerprint of the finger, the content of the sensed fingerprint being converted into digital data by the device. Similarly, a retinal scanning device includes a sensor which can be placed proximate to a person's eye, the sensor sensing characteristics of the eye such as blood vessel pattern or iris pattern, the device translating the content of the sensed characteristics into digital data. The construction and operation of biometric devices in general, as well as those identified particularly above, is well understood by those skilled in that art, so that, together with an understanding of the required communication capability between the target functionality and the interface control device, a biometric device for use with the invention can be easily constructed and operated. Fingerprint scanning devices and retinal scanning devices that can readily be modified for use with the invention, i.e., to communicate with an interface control device according to the invention, are known to those skilled in that art. For example, fingerprint scanning devices such as those available from Identix Incorporated of Sunnyvale, Calif., can be used in a fingerprint scanning device for use with the invention.

A peripheral device according to the invention that includes a biometric device that embodies the target functionality can be used, for example, to enable user authentication to a host computing device before allowing access to particular data stored on the host computing device. Such user authentication can be accomplished by using a biometric device to obtain biometric data from a user and comparing the biometric data to an appropriate library of biometric data representing a predetermined group of people (e.g., authorized users). The library of data can be stored in a memory device of the peripheral device.

When a peripheral device including a fingerprint scanning device is embodied as a card adapted to be inserted into a slot of a host computing device (e.g., a slot conforming to a PCMCIA standard), it may be useful to make the peripheral device relatively long, so that a portion of the card on which the sensor is positioned can extend from the slot of the host computing device, thereby enabling fingerprints to be scanned while the peripheral device is inserted in the host computing device. Similarly, for a fingerprint scanning
device, retinal scanning device or faceprint scanning device, it may be desirable to form the device so that the sensor is connected to the remainder of the device via an appropriate communication line, thus providing some range of movement of the sensor while the peripheral device is inserted in the host computing device, thereby facilitating use of the device.

A biometric device can be used in different ways with a system according to the invention, depending upon the capabilities of the biometric device. Using known apparatus and methods, a "smart" biometric device can be implemented with the capability to detect the presence of an input to the sensor, and, upon such detection, initiate acquisition of the biometric data and performance by the peripheral device of the appropriate data comparison. Such a biometric device can be used to perform user authentication as in step 704 of the method 700 above. Alternatively, the biometric device may be "stupid" and require that a user initiate the data acquisition and authentication process. Such a biometric device can be used to perform user authentication in a peripheral device that allows operation without entry of a proper access code, as in steps 714 and 715 of the method 700.

Target functionality of a peripheral device according to the invention can also be embodied as a smart card reader device adapted to communicate with a smart card, such as, for example, a smart card compliant with the ISO 7816 standard. Such a device can be implemented by adapting a conventional smart card reader, the construction and operation of which is well known to those skilled in that art, to provide a communications interface that enables the smart card reader to communicate with the interface control device. A peripheral device according to the invention that includes a smart card reader device can be used to provide security features to a smart card reader, or add to existing security features of a smart card reader.

It is to be understood that the examples given above are merely illustrative, not exhaustive, of the ways in which a peripheral device according to the invention can be used. Many more possibilities exist.

FIG. 8 is a block diagram of a peripheral device 800 according to another embodiment of the invention. The peripheral device 800 includes a cryptographic processing device 801, an interface control device 802, a first memory device 803, a second memory device 804, a real-time clock 805, a host computing device input/output (I/O) interface 806 and target functionality 807.

The host computing device I/O interface 806 enables communications between the peripheral device 800 and a host computing device. The electrical and mechanical characteristics of the I/O interface 806, as well as the protocol used to enable communication via the interface 806, are established in any manner that conforms to the industry standard specifications for an interface of that type. For example, a peripheral device according to the invention can be adapted for insertion into a PCMCIA slot of a host computing device. In such a peripheral device, the electrical and mechanical characteristics and communications protocol for the host computing device I/O interface 806 are established in conformance with the appropriate PCMCIA standards.

The cryptographic processing device 801 can be adapted to perform security operations. Generally, the cryptographic processing device 801 can be embodied by any processor capable of performing the cryptographic operations desired to be provided by the peripheral device 800. In one embodiment of the peripheral device 800, the cryptographic processing device 801 is a special purpose embedded processor, embodied on a single integrated chip and designated as MYK-82 (and also referred to by the name Capstone), which includes an ARM6™ processor core and several special purpose cryptographic processing elements that have been developed by the Department of Defense. The construction and operation of the Capstone chip is known by those skilled in the art of cryptographic processing.

The first memory device 803 can be a non-volatile data storage device which can be used to store computer programs and persistent data. The first memory device 803 can be implemented by any appropriate such device (of which there are many conventional, readily available incarnations), such as, for example, a conventional flash memory device. The second memory device 804 can be a volatile data storage device that can also be a rapidly accessible data storage device in which frequently used data and program instructions can be stored during operation of the peripheral device 800. The memory device 804 can also be implemented by any appropriate such device (of which there are many conventional, readily available embodiments), such as, for example, a conventional random access memory (RAM) device.

The real-time clock 805 enables the creation of time stamps, which can be used in a number of security operations. Advantageously, the time stamps created by the real-time clock 805 are more secure than those that could otherwise be produced by the relatively insecure clock of a host computing device. The real-time clock 805 includes a conventional battery backup device that maintains power to the real-time clock 805 when the peripheral device 800 is not in use (i.e., when power is not supplied to the peripheral device 800), so that the correct time is continuously preserved within the peripheral device 800. The real-time clock 805 (including battery backup) can be embodied by any conventional such device, such as the DS1302 clock available from Dallas Semiconductor of Dallas, Texas.

In the peripheral device 800, the interface control device 802 mediates the interaction between the host computing device, the target functionality 807 and the cryptographic processing device 801. In one embodiment of the peripheral device 800, the interface control device 802 is a conventional field-programmable gate array (FPGA) that is programmed to perform the functions that it is desired to implement with the interface control device 802, as described in more detail below. The interface control device 802, under control of the cryptographic processing device 801, can be adapted to enable the peripheral device 800 to assume the identity of the target functionality 807, as discussed above. The interface control device 802 also enables the in-line cryptography aspect of the invention, since the interface control device 802 controls the flow of data between the host computing device and the target functionality 807.

FIG. 9A is a block diagram illustrating the flow of data through the interface control device 802 of FIG. 8. Data transferred from a host computing device enters the peripheral device 800 (not demarcated in FIG. 9A) through the host computing device I/O interface 806. The interface control device 802 presents the data to a cryptographic processing device interface 808 (not shown in FIG. 8). Depending on the configuration of the interface control device 802, as determined by operation of the peripheral device driver and/or by settings established during the manufacture of the peripheral device 800, the data may or
may not be processed by the cryptographic processing device 801 (FIG. 8). Typically (or, in some cases, necessarily), as discussed in more detail above, cryptographic processing will occur. The interface control device 802 then causes the data to be transferred to the target functionality 807. Data being transferred from the target functionality 807 to the host computing device follows a similar path in the reverse direction. When the target functionality 807 is not present or is not being used, data transferred from the host computing device, after being presented to the cryptographic processing device interface 808 and being processed by the cryptographic processing device 801, is caused to be transferred back to the host computing device I/O interface 806 (and, from there, to the host computing device) by the interface control device 802.

FIG. 9B is a block diagram of a particular embodiment of an interface control device 910 for use in a peripheral device according to the invention. As shown in FIG. 9B, the host computing device communicates via a PCMCIA interface and the target functionality is embodied by a compact flash memory device. Those skilled in the art will readily appreciate how the interface control device 910 can be modified for use with other host computing device interfaces and/or target functionalities.

The interface control device 910 includes sets of configuration registers 911. The data stored in the configuration registers 911 establish operating characteristics of the interface control device: in particular, the content of the configuration registers enables the interface control device to present to the host computing device a desired identification of the peripheral device, and determines whether data passing through the peripheral device must be subjected to security operations.

A set of configuration registers is maintained for the host computing device I/O interface, the cryptographic processing device interface, and the target functionality interface. In particular, the content of the host computing device I/O interface configuration registers is such that the interaction of the host computing device with the peripheral device is the same as if the security functionality were not present (unless the data security system is operating in security functionality only mode). The content of the target functionality interface registers reflects the presence of the security functionality. The cryptographic processing device interface registers bridge the gap between the other two sets of registers.

The remainder of the functional blocks of the interface control device 910 shown in FIG. 9B perform functions and operate in a manner that can readily be understood by those skilled in the art from the designation and interconnection of those blocks in FIG. 9B.

In general, the security functionality of a peripheral device according to the invention can be configured to perform any cryptographic operation, as well as other, related mathematical operations. A configuration of the security functionality that enables a particular cryptographic or mathematical operation can be produced, for example, by using appropriate existing cryptographic software, application-specific hardware, or a combination of the two, as known by those skilled in the art of producing cryptographic devices. Following is a description of exemplary cryptographic and mathematical operations that can be implemented as part of the security functionality of a peripheral device according to the invention. These cryptographic and mathematical operations are well-known and can readily be implemented in a peripheral device according to the invention by a person of skill in the art of cryptography.

For example, a peripheral device according to the invention can implement one or more cryptographic key exchange operations. Any key exchange operation can be implemented, such as, for example, the Department of Defense Standard, the RSA, the Diffie-Hellman, and the X9.42 (ANSI Banking Standard) key exchange algorithms.

A peripheral device according to the invention can also implement one or more hash operations. Any hash operation can be implemented, such as, for example, the FIPS 180-1 (SHA-1), the Message Digest 2 (RSA), and the Message Digest 5 (RSA) algorithms.

A peripheral device according to the invention can also implement one or more digital signature operations. Any digital signature operation can be implemented, such as, for example, the FIPS 186 (DSA — 512, 1024) and the RSA Signature (512, 768, 1024, 2048) algorithms.

A peripheral device according to the invention can also implement one or more key wrapping operations for both symmetric and asymmetric keys. A key wrapping operation can ensure that plaintext keys are not accessible external to the peripheral device. Any key wrapping operation can be implemented.

A peripheral device according to the invention can also implement one or more symmetric encryption operations. Any symmetric encryption operation can be implemented, such as, for example, the FIPS 185 (implemented com[...]), the DES (including 3DES, EDE3, CBC and ECB), the RC-2 and the RC-4 algorithms.

A peripheral device according to the invention can also implement one or more asymmetric (public key) encryption operations. While asymmetric encryption operations underlie the key exchange operations described above, asymmetric key operations can also be used independently in a peripheral device according to the invention for bulk encryption. Any asymmetric encryption operation can be implemented, such as, for example, the RSA and Diffie-Hellman algorithms.

A peripheral device according to the invention can also implement one or more exponentiation operations, which are required in many cryptographic operations. Any exponentiation operation can be implemented. Since exponentiation requires a significant amount of processing time relative to other mathematical operations, it can be desirable to implement an exponentiation operation in dedicated hardware. In one embodiment of a peripheral device according to the invention, the security functionality of the peripheral device includes a full 1024 bit exponentiator implemented in hardware.

Various embodiments of the invention have been described. The descriptions are intended to be illustrative, not limitative. Thus, it will be apparent to one skilled in the art that certain modifications may be made to the invention as described above without departing from the scope of the claims set out below.

We claim:

1. A peripheral device, comprising:

security means for enabling one or more security opera- 
tions to be performed on data; 

target means for enabling a defined interaction with a host 
computing device; 

means for enabling communication between the security 
means and the target means; 

means for enabling communication with a host computing 
device; 

means for operably connecting the security means and/or 
the target means to the host computing device in 
response to an instruction from the host computing 
device; and 
means for mediating communication of data between the 
host computing device and the target means so that the 
communicated data must first pass through the security 
means. 

2. A peripheral device as in claim 1, wherein the target 
means comprises means for non-volatilely storing data. 

3. A peripheral device as in claim 1, wherein the target 
means comprises means for enabling communication 
between the host computing device and a remote device. 

4. A peripheral device as in claim 1, wherein the target 
means comprises a biometric device. 

5. A peripheral device as in claim 1, wherein the target 
means comprises means for communicating with a smart 
card. 

6. A peripheral device, comprising: 

security means for enabling one or more security opera- 
tions to be performed on data; 

target means for enabling a defined interaction with a host 
computing device; 

means for enabling communication between the security 
means and the target means, 

means for enabling communication with a host computing 
device; 

means for operably connecting the security means and/or 
the target means to the host computing device in 
response to an instruction from the host computing 
device; and 

means for providing to a host computing device, in 
response to a request from the host computing device 
for information regarding the type of the peripheral 
device, information regarding the function of the target 
means. 

7. A peripheral device as in claim 6, wherein the target 
means comprises means for non-volatilely storing data. 

8. A peripheral device as in claim 6, wherein the target 
means comprises means for enabling communication 
between the host computing device and a remote device. 

9. A peripheral device as in claim 6, wherein the target 
means comprises a biometric device. 

10. A peripheral device as in claim 6, wherein the target 
means comprises means for communicating with a smart 
card. 

11. A peripheral device, comprising: 

security means for enabling one or more security opera- 
tions to be performed on data; 

target means for enabling a defined interaction with a host 
computing device; 

means for enabling communication between the security 
means and the target means; 

means for enabling communication with a host computing 
device; and 

means for mediating communication of data between the 
host computing device and the target means so that the 
communicated data must first pass through the security 
means. 

12. A peripheral device as in claim 11, wherein the target 
means comprises means for non-volatilely storing data. 

13. A peripheral device as in claim 12, wherein the means 
for non-volatilely storing data further comprises a solid-state 
disk storage device. 

14. A peripheral device as in claim 13, wherein the 
solid-state disk storage device comprises an ATA format 
flash disk drive. 

15. A peripheral device as in claim 11, wherein the target 
means comprises means for enabling communication 
between the host computing device and a remote device. 
16. A peripheral device as in claim 15, wherein the means 
for enabling communication between the host computing 
device and a remote device further comprises wireless 
communication means. 
17. A peripheral device as in claim 16, wherein the 
wireless communication means comprises a wireless 
modem. 

18. A peripheral device as in claim 16, wherein the 
wireless communication means comprises a wireless LAN 
transceiver. 

19. A peripheral device as in claim 11, wherein the target 
means comprises a biometric device. 

20. A peripheral device as in claim 19, wherein the 
biometric device comprises a fingerprint scanning device. 

21. A peripheral device as in claim 19, wherein the 
biometric device comprises a retinal scanning device. 

22. A peripheral device as in claim 11, wherein the target 
means comprises means for communicating with a smart 
card. 

23. A peripheral device, comprising: 

security means for enabling one or more security opera- 
tions to be performed on data; 

target means for enabling a defined interaction with a host 
computing device; 

means for enabling communication between the security 
means and the target means; 

means for enabling communication with a host computing 
device; 

means for mediating communication of data between the 
host computing device and the target means so that the 
communicated data must first pass through the security 
means; and 

means for providing to a host computing device, in 
response to a request from the host computing device 
for information regarding the type of the peripheral 
device, information regarding the function of the target 
means. 

24. A peripheral device, comprising: 

security means for enabling one or more security opera- 
tions to be performed on data; 

target means for enabling a defined interaction with a host 
computing device; 

means for enabling communication between the security 
means and the target means; 

means for enabling communication with a host computing 
device; and 

means for providing to a host computing device, in 
response to a request from the host computing device 
for information regarding the type of the peripheral 
device, information regarding the function of the target. 

25. A peripheral device as in claim 24, wherein the target 
means comprises means for non-volatilely storing data. 

26. A peripheral device as in claim 25, wherein the means 
for non-volatilely storing data further comprises a solid-state 
disk storage device. 

27. A peripheral device as in claim 26, wherein the 
solid-state disk storage device comprises an ATA format 
flash disk drive. 

28. A peripheral device as in claim 24, wherein the target 
means comprises means for enabling communication 
between the host computing device and a remote device. 

29. A peripheral device as in claim 28, wherein the means 
for enabling communication between the host computing 
device and a remote device further comprises wireless 
communication means. 
30. A peripheral device as in claim 29, wherein the 
wireless communication means comprises a wireless 
modem. 

31. A peripheral device as in claim 29, wherein the 
wireless communication means comprises a wireless LAN 
transceiver. 

32. A peripheral device as in claim 24, wherein the target 
means comprises a biometric device. 

33. A peripheral device as in claim 32, wherein the 
biometric device comprises a fingerprint scanning device. 

34. A peripheral device as in claim 32, wherein the 
biometric device comprises a retinal scanning device. 

35. A peripheral device as in claim 24, wherein the target 
means comprises means for communicating with a smart 
card. 

36. A data security system, comprising: 

a host computing device including one or more device 
interfaces adapted to enable communication with 
another device; 

a peripheral device, comprising: 

security means for enabling one or more security 
operations to be performed on data; 

target means for enabling a defined interaction with a 
host computing device; and 

means for enabling communication between the secu- 
rity means and the target means; 

means for enabling communication with a host com- 
puting device; and 

means for mediating communication of data between 
the host computing device and the target means so 
that the communicated data must first pass through 
the security means. 

37. A data security system, comprising: 

a host computing device including one or more device 
interfaces adapted to enable communication with 
another device; 

a peripheral device, comprising: 
security means for enabling one or more security 
operations to be performed on data; 
target means for enabling a defined interaction with a 
host computing device; and 

means for enabling communication between the secu- 
rity means and the target means; 

means for enabling communication with a host com- 
puting device; and 

means for providing to a host computing device, in 
response to a request from the host computing device 
for information regarding the type of the peripheral 
device, information regarding the function of the 
target means. 

38. For use in a peripheral device adapted for communi- 
cation with a host computing device, performance of one or 
more security operations on data, and interaction with a host 
computing device in a defined way, a method comprising the 
steps of: 

receiving a request from a host computing device for 
information regarding the type of the peripheral device; 
and 

providing to the host computing device, in response to the 
request, information regarding the type of the defined 
interaction. 

39. For use in a peripheral device adapted for communi- 
cation with a host computing device, performance of one or 
more security operations on data, and interaction with a host 
computing device in a defined way, a method comprising the 
steps of: 

communicating with the host computing device to 
exchange data between the host computing device and 
the peripheral device; 

performing one or more security operations and the 
defined interaction on the exchanged data; and 

mediating communication of the exchanged data between 
the host computing device and the peripheral device so 
that the exchanged data must first pass through means 
for performing the one or more security operations. 
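The in-line data path the description attributes to the interface control device (802 in FIG. 9A, 910 in FIG. 9B), modelled in software as an added example: data from the host I/O interface is presented to the cryptographic processing device, processed or not as the configuration registers dictate, and then either forwarded to the target functionality or, when no target is present (security functionality only mode), looped back to the host. This is not the patent's own code. The register field names, the two modes, the block-store target standing in for the compact flash memory of FIG. 9B, and the HMAC-SHA256 encrypt-then-MAC construction standing in for cryptographic processing device 801 are all constructed for the demonstration; the key lives only inside the crypto object, mirroring the page's point that plaintext keys are not accessible outside the device.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class ConfigRegisters:
    """Constructed stand-in for the configuration registers 911 of FIG. 9B."""
    host_identification: str   # the identification presented to the host
    security_required: bool    # must data be passed through the crypto device?
    security_only_mode: bool   # no target: process the data and loop it back


class CryptoProcessingDevice:
    """Stand-in for cryptographic processing device 801: encrypt-then-MAC built
    from HMAC-SHA256 only (PRF in counter mode as keystream, a second HMAC as
    the tag). The key is created inside the object and is never returned."""
    NONCE_LEN, TAG_LEN = 12, 32

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else os.urandom(32)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(self.NONCE_LEN)
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._key, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ciphertext, tag = blob[:self.NONCE_LEN], blob[self.NONCE_LEN:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self._key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: data altered outside the device")
        return bytes(c ^ k for c, k in zip(ciphertext, self._keystream(nonce, len(ciphertext))))


class TargetFunctionality:
    """Stand-in for target functionality 807: a block store like the compact
    flash memory of FIG. 9B."""
    def __init__(self) -> None:
        self.blocks = {}

    def write(self, address: int, data: bytes) -> None:
        self.blocks[address] = data

    def read(self, address: int) -> bytes:
        return self.blocks[address]


class InterfaceControlDevice:
    """Routes data between host, crypto device and target as the registers
    dictate, so the security functionality sits in line and is transparent."""
    def __init__(self, regs, crypto, target=None):
        self.regs, self.crypto, self.target = regs, crypto, target

    def identify(self) -> str:
        return self.regs.host_identification   # answer to the host's "what device are you?"

    def host_write(self, address: int, data: bytes) -> Optional[bytes]:
        processed = self.crypto.encrypt(data) if self.regs.security_required else data
        if self.regs.security_only_mode or self.target is None:
            return processed                    # looped back to the host I/O interface
        self.target.write(address, processed)
        return None                             # stored on the target, nothing returned

    def host_read(self, address: int) -> bytes:
        stored = self.target.read(address)
        return self.crypto.decrypt(stored) if self.regs.security_required else stored


def demo_transparent_storage(secret: bytes) -> dict:
    """Storage mode: the host reads back what it wrote; bytes at rest are ciphertext."""
    regs = ConfigRegisters("ATA flash disk", security_required=True, security_only_mode=False)
    icd = InterfaceControlDevice(regs, CryptoProcessingDevice(), TargetFunctionality())
    icd.host_write(0, secret)
    return {"identity": icd.identify(), "at_rest": icd.target.read(0), "read_back": icd.host_read(0)}


def demo_security_only(secret: bytes, key: bytes = bytes(range(32))) -> dict:
    """Security-functionality-only mode: no target, so the processed data goes back
    to the host; a device holding the same (constructed) key recovers it."""
    regs = ConfigRegisters("crypto token", security_required=True, security_only_mode=True)
    blob = InterfaceControlDevice(regs, CryptoProcessingDevice(key)).host_write(0, secret)
    return {"blob": blob, "recovered": CryptoProcessingDevice(key).decrypt(blob)}


def detects_tampering(dev: CryptoProcessingDevice, blob: bytes) -> bool:
    """True if a one-bit change to ciphertext at rest is rejected on read-back."""
    damaged = bytearray(blob)
    damaged[dev.NONCE_LEN] ^= 0x01
    try:
        dev.decrypt(bytes(damaged))
    except ValueError:
        return True
    return False
```

From the host's side the only operations are `identify`, `host_write` and `host_read`, the same calls it would make to a plain flash disk; whether the bytes go through the crypto device, and whether they end up on the target or come straight back, is decided entirely by the registers, which is the transparency property the description claims for the host I/O interface register set.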
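The exponentiation operation the description singles out for dedicated hardware (a full 1024 bit exponentiator in one embodiment), and a Diffie-Hellman key agreement, one of the key exchange operations it lists, built on that exponentiation. This is an added example, not the patent's design: the square-and-multiply loop is the general algorithm, the operation count it reports shows why a 1024-bit exponent is costly relative to other arithmetic, and the group parameters are constructed toy values (a Mersenne prime modulus, generator 3), not a standardised group.

```python
def mod_exp(base: int, exponent: int, modulus: int) -> int:
    """Left-to-right binary (square-and-multiply) modular exponentiation:
    one squaring per exponent bit plus one multiplication per set bit."""
    if modulus == 1:
        return 0
    result = 1
    base %= modulus
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        if bit == "1":
            result = (result * base) % modulus
    return result


def mod_exp_cost(exponent: int) -> tuple:
    """(squarings, multiplications) performed by mod_exp for this exponent.
    A 1024-bit exponent needs 1024 squarings and up to 1024 multiplications,
    each a wide modular product, which is the work the page moves to hardware."""
    bits = bin(exponent)[2:]
    return len(bits), bits.count("1")


# Constructed toy parameters for the demonstration: 2**127 - 1 is prime.
TOY_P = 2 ** 127 - 1
TOY_G = 3


def dh_shared_secret(private_a: int, private_b: int, p: int = TOY_P, g: int = TOY_G) -> tuple:
    """Diffie-Hellman agreement: each side publishes g^x mod p and raises the
    other's value to its own private exponent. Returns (a's view, b's view),
    which must agree."""
    public_a = mod_exp(g, private_a, p)
    public_b = mod_exp(g, private_b, p)
    return mod_exp(public_b, private_a, p), mod_exp(public_a, private_b, p)


if __name__ == "__main__":
    print(mod_exp(4, 13, 497))                 # textbook check value
    print(mod_exp_cost(2 ** 1023 + 1))         # a 1024-bit exponent
    print(dh_shared_secret(123456789, 987654321))
```

Only the private exponents ever need to sit inside the device; in the architecture described above they would be generated and used by the cryptographic processing device, with the host seeing only the public values and the resulting wrapped key material.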